[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF]

At 10:42 AM 10/24/95 -0400, Dr. Frederick B. Cohen wrote:
>>  > [...] uses an MD5 checksum which the members
>>  > of this list seem to place unlimited trust in (incorrectly in my view,
>>  > but that would be picking two nits with one keyboard entry).
>> Can you elaborate with facts on the supposed weakness of MD5 ?
>I didn't say that there were any weaknesses in MD5, all I said was:
>	"unlimited trust ... (incorrectly in my view...)"
>> [btw who talked about 'unlimited' trust ?]
>There has been no limit given by anyone on this list to the level of
>trust they place in MD5.  Several people have posted (without
>contention) that MD5 is sufficiently trustworthy to trust billions of
>dollars in commerce to it's being able to prevent a selected plaintext
>attack as eluded to above.  If you think we should trust it, and you
>don't limit your assessment of trust, what other assumption should I
>make? If several people proclaim that trust and nobody stands up in
>disagreement, tacit agreement is my normal (although not necessarily
>justified) assumption. 

The dear "Dr." Cohen strikes again:

  It would appear that "Dr." Cohen continues to assume that this list
appeared the moment he first posted, or that we love to type the same
symbols over and over.  This list places no more trust in MD5 than in
IDEA--or RSA, for that matter.  But since banks CURRENTLY trust RSA for
billions of dollars in transactions (and, I believe with fairly small
moduli) this trust is the usual trust of experience.

  In fact there HAVE been discussions of the security of MD5 on this
list--but since they occured before the good "Dr." Cohen arrived, perhaps we
should have them again for his sake.  But since most of us tire of typing
(and reading) endless explainations that we DON'T trust something
absolutely, we don't.  We also don't spend all of our time correcting
slightly overgeneralized statements. And of course there is the small fact
that quite a few people here believe that if anyone is foolish enough to
place absolute trust in an algorithm, who are we to disabuse them?

  But if "Dr." Cohen wishes to discuss the weaknesses of MD5, he should
focus his attention on his prefered whipping dog--PGP.  Some versions of PGP
had an insecure implementation of MD5.  But of course the "Dr." should know
that an insecure implementation is very far from a demonstration that an
algorithm is insecure.

Nathan Zook
Now installing Linux 3.0 or something...